This topic is now archived and is closed to further replies.

Aljade

Storing A Hashed Password In Cookie

I am making a user login system and I thought that, as a way to make a session/cookie more secure, I could store the user's password encoded with sha1 and verify it.

So for example when the user logged in I would make 2 sessions like so:
[code]$_SESSION['user_id'] = $user_id;
$_SESSION['secure_hash'] = $user_sha1_password;[/code]

Also if the user selected to automatically login I created 2 cookies:
[code]setcookie("autologin_userid", $user_id, time() + 31536000, "/Example", "example.com", 0);
setcookie("autologin_secure", $user_sha1_password, time() + 31536000, "/Example", "example.com", 0);[/code]

Then I would check the stored hashed password from cookies/sessions with the one that was stored in the database.

Now is this actually making my system more secure than if I just stored the user's id in the session/cookie or is it making it less secure?

Thank you!

I personally do something like this: take the user name and password and join them together in my own super secret algorithm way. Then encrypt that with md5 or sha1 and store that string as a cookie.

I wouldn't suggest storing any passwords in a cookie. Why not just set up a session hash id that updated every page load?

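An added example, not from any poster in this thread: one way to do auto-login without putting a password hash in the cookie, using a random single-use token that is replaced every time it is redeemed. The function names, the `autologin` cookie name and the in-memory `$store` (standing in for a database table) are assumptions; the options-array form of `setcookie` needs PHP 7.3 or later.

```php
<?php
// Added example: auto-login with a random, rotating token instead of the password hash.
// $store stands in for a database table (selector => row); all names here are hypothetical.

function issueToken(array &$store, int $userId, int $ttl = 31536000): string
{
    $selector  = bin2hex(random_bytes(9));    // public lookup key
    $validator = bin2hex(random_bytes(32));   // secret, only ever sent to the browser
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // server keeps only the hash
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

// Returns [user id, replacement cookie value] or null. Every token is single use.
function redeemToken(array &$store, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                 // consume it whether or not it verifies
    if ($row['expires'] < time() || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    return [$row['user_id'], issueToken($store, $row['user_id'])];
}

function sendAutologinCookie(string $value): void
{
    setcookie('autologin', $value, [
        'expires' => time() + 31536000, 'path' => '/Example', 'domain' => 'example.com',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

if (PHP_SAPI === 'cli') {                     // constructed demo, no real users
    $store  = [];
    $first  = issueToken($store, 42);
    [$uid, $second] = redeemToken($store, $first);
    var_dump($uid === 42);                           // valid token maps to user 42
    var_dump(redeemToken($store, $first) === null);  // replay of the old token
    var_dump(redeemToken($store, $second) !== null); // rotated token
}
```

Unlike a cookie holding the SHA-1 of the password, a stolen token here reveals nothing about the password, can be revoked by deleting its row, and stops working once the legitimate browser redeems it.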